DRYing Out MVC (ESaaS 5.1)"

Size: px

Start display at page:

Download "DRYing Out MVC (ESaaS 5.1)""

Kellie Sharp
5 years ago
Views:

2 Don t Repeat Yourself but how?" Goal: enforce that movie names must be less than 40 characters" Call a check function from every place in app where a Movie might get created or edited? That s not DRY!" How do we DRY out cross-cutting concerns: Logically centralized, but may appear multiple places in implementation?"

3 Background & History: GO TO & COME FROM" CACM, 1968 Letter to Editor"

4 Aspect-Oriented Programming" Advice is a specific piece of code that implements a cross-cutting concern" Pointcuts are the places you want to inject advice at runtime" Advice+Pointcut = Aspect" Goal: DRY out your code"

5 Rails Example: Validations" Specify declaratively in model class" Validation is advice in AOP sense " many places in app where a model could be modified/updated" including indirectly via associations!" So where are the pointcuts?"

Model Lifecycle Callbacks Allows Pre and Post Operations" movie.create movie.save (new record) before_validation before_validation_on_create movie.update_attributes movie.

before_save before_create INSERT INTO movies... after_create after_save movie. rb after_validation after_validation_on_update before_save before_update UPDATE movies.

6 Model Lifecycle Callbacks Allows Pre and Post Operations" movie.create movie.save (new record) before_validation before_validation_on_create movie.update_attributes movie.save (existing record) before_validation before_validation_on_update Validation automatically happens here" Run validations after_validation after_validation_on_create before_save before_create INSERT INTO movies... after_create after_save movie. rb after_validation after_validation_on_update before_save before_update UPDATE movies... after_update after_save Run validations or when you call valid? if fail, save will fail model.errors is an ActiveRecord::Errors object with cool behaviors of its own See Screencast 7.1.1"

7 Example: controller filters" Filters declared in a controller also apply to its subclasses" Corollary: filters in ApplicationController apply to all controllers" A filter can change the flow of execution! by calling redirect_to or render You should add something to the flash to explain to the user what happened, otherwise will manifest as a silent failure!

8 Validations vs. Filters" Advice (DRYness)" Validation! Filter! Check invariants on model" Check conditions for allowing controller action to run" Pointcut! AR model lifecycle hooks" Before and/or after any public controller method" Can change execution flow?" Can define advice in arbitrary function?" Info about errors?" No" Yes; shortcuts provided for common cases" Each model object has associated errors object" Yes" Yes, must provide function" Con: Can make code harder to debug! Capture in flash[], session[], or instance variable"

9 Summary so far" Aspect-oriented programming is a way of DRYing out cross-cutting concerns" Ruby doesn t have fully-general AOP, but Rails provides some predefined pointcuts" Validations check or assert pre/post conditions at key points during model lifecycle" Controller filters check or assert pre/post conditions related to controller actions" and can change control flow (redirect, render)" Partials DRY out views (though not AOP)"

10 Which Ruby language features support the DRYness enabled by validations & filters: (a) higher-order functions, (b) closures, (c) metaprogramming" " Only (a)" Only (a) & (b)" Only (a) & (c)" (a), (b) and (c)" 10"

reveal your Facebook password to NY Times! " How can we do this?

12 Third-party authentication" Goal: What are my Facebook friends reading on the NY Times site?" NY Times needs to be able to access your Facebook info" but you don t want to reveal your Facebook password to NY Times! " How can we do this? => Third-party authentication" Logos shown for educational purposes only and are the intellectual property of their owners.

13 Who are you and what are you doing here?" Authentication: prove you are who you say" Username & secret password" Hold private key that matches public key" Possess cryptographic certificate signed by a trusted third party" Authorization: prove you are allowed to do what you re asking" does system record you as having privilege?" do you have a token or capability that lets you do something?"

14 Web 1.0" Every site has separate passwords" Most sites had no RESTful API, so had to actually log in (or simulate it)" Doesn t work for SOA!" Hard for services to cooperate if you need to login interactively to every service, every time" Desired solution: single-sign-on (SSO)" But don t want to reveal service A password to service B!

15 How does it work? (concepts)" Building block: tamper-evident secure token" Using cryptography, I create a string that:" Only I can decrypt (decode)" I can detect if it s been tampered with" No one else could have created it without knowing my secret key" Usually, string just contains a handle to valuable info that I store myself" Receive string => I know I can trust the handle"

16 Third-Party Auth with Twitter & RottenPotatoes" 1. Login with Twitter 2. Redirect to Twitter login page 3. OK to authorize this app? Logos shown for educational purposes only and are the intellectual property of their owners.

17 Third-Party Auth with Twitter & RottenPotatoes" 7. Welcome, Armando 5. Redirect to RP callback page with access token 4. Yes, please give away my personal info 6. Here s a token that proves I m allowed to know this user s name Logos shown for educational purposes only and are the intellectual property of their owners.

18 How does it work? (MVC)" Model session as its own entity" session controller creates and deletes session, handles interaction with auth provider" Once user is authenticated, we need a local users model to represent him/her" session[] remembers primary key (ID) of currently authenticated user " OmniAuth gem helps a lot by providing uniform API to different strategies "

19 Which is true about third-party authentication between a requester and a provider?" Once completed, the requester can do anything you " can do on the provider" If your credentials on the requester are compromised, your credentials on the provider are also compromised " If the provider revokes access, the requester no longer has any of your info" Access can be time-limited to expire on a preset date" 19"

22 Reviews for RottenPotatoes" Simple model: I give it 4 potatoes out of 5 " Goal: easily represent the concept that movie has many reviews" The code we d like to write but how?"

Cartesian Product" table 'artists' table 'reviews' id name id desc artist_id 10 Justin 30 "Terrible" 12 11 Shakira 31 "Passable" 11 12 Britney 32 "Please" 10 Cartesian product:

artist_id 10 Justin 30 "Terrible" 12 10 Justin 31 "Passable" 11 10 Justin 32 "Please" 10 11 Shakira 30 "Terrible" 12 11 Shakira 31 "Passable" 11 11 Shakira 32 "Please" 10 12 Britney

23 Cartesian Product" table 'artists' table 'reviews' id name id desc artist_id 10 Justin 30 "Terrible" Shakira 31 "Passable" Britney 32 "Please" 10 Cartesian product: artists JOIN reviews artists.id artists.name reviews.id reviews.desc reviews.artist_id 10 Justin 30 "Terrible" Justin 31 "Passable" Justin 32 "Please" Shakira 30 "Terrible" Shakira 31 "Passable" Shakira 32 "Please" Britney 30 "Terrible" Britney 31 "Passable" Britney 32 "Please" 10 Filtered Cartesian product: artists JOIN reviews ON artists.id = reviews.artist_id artists.id artists.name reviews.id reviews.desc reviews.artist_id 10 Justin 32 "Please" Shakira 31 "Passable" Britney 30 "Terrible" 12

24 Expressing Has Many in terms of Relational DB model" foreign key (FK) in one table refers to the primary key of another table" reviews" movies" id" title" id*" movie_id" potatoes" rating" release_date"

.." reviews" SELECT * FROM movies, reviews WHERE movies.

25 Databases 101" joins are queries that combine records from 2 or more tables using PKs and FKs" movies" id"..." reviews" SELECT * FROM movies, reviews WHERE movies.id = reviews.movie_id id" movie_id"..." Cartesian product"

26 Which statement is false regarding Cartesian products as a way of representing relationships?" You can represent one-to-one relationships as " well as one-to-many relationships" You can represent many-to-many relationships" The size of the full Cartesian product is independent of the join criteria" You can only filter based on on primary or foreign key (id) columns" 26"

about keys and joins" class Movie < ActiveRecord::Base has_many :reviews end

28 ActiveRecord Associations" allows manipulating DB-managed associations more Rubyistically" after setting things up correctly, you don't have to worry (much) about keys and joins" class Movie < ActiveRecord::Base has_many :reviews end class Review < ActiveRecord::Base belongs_to :movie 28 end" The foreign key belongs to me "

29 Basic idea " reviews table gets a foreign key (FK) field that has primary key of Movie a review is for" Dereference movie.reviews == perform database join (lazily) to find reviews where movie_id == movie.id Dereference review.movie == look up the one movie whose PK id == review.movie_id Note! must add FK fields using a migration!"

30 Association proxy methods! Now you can # Enumerable of reviews And also go the other # what movie is reviewed? You can add new reviews for a = => # how are these different from just new() & # instantly FK in => '...')

31 Which Ruby language mechanisms would be appropriate for implementing associations that can be used by ActiveRecord models?" (a) build behaviors into ActiveRecord::Base" (b) put behaviors in their own Module" (c) put behaviors in their own Class" "Only (a)" " (a) or (b), but not (c)" " (a) or (c), but not (b)" " Any of (a), (b), or (c) would be equally suitable" 31"

Validations vs. Filters

Validations vs. Filters Advice (DRYness) Validation Filter Check invariants on model Check conditions for allowing controller action to run Pointcut AR model lifecycle hooks Before and/or after any public